Koichiro IWAO
939eb3130e
Cedar/Client: Enable CtVLans{Up,Down} on FreeBSD
...
The same trick also works on FreeBSD. There's no reason to limit it to
Linux.
2023-05-31 17:48:31 +09:00
Koichiro IWAO
0ba7ad392e
Cedar/VLanUnix: Enable UnixVLanSetState on FreeBSD
2023-05-31 17:48:31 +09:00
Koichiro IWAO
8482a52522
Cedar/VLanUnix: Make NicDelete work on FreeBSD
...
In contrast to Linux, FreeBSD's tap devices are still plumbed after fd
closed. The tap device must be destroyed in addition to closing fd
to delete virtual network interfaces used for VPN connection.
NicDelete command now works properly and virtual network interfaces used
by vpnclient are cleaned up when shutting down vpnclient.
2023-05-31 17:48:31 +09:00
Koichiro IWAO
9c33605f5e
Cedar: Don't hardcode prefix for UNIX virtual network interface
2023-05-31 17:48:06 +09:00
Ilya Shipitsin
2fdd9ec4dc
Merge pull request #1832 from chipitsine/master
...
src/Cedar/Server.c: fix race condition
2023-05-13 20:42:38 +02:00
Roel van de Wiel
36505e3896
Changed 'settng' to 'setting' and regenerated the RPC docs
2023-05-10 15:09:57 +02:00
Ilya Shipitsin
c59df82666
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343528 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null,
but it has already been dereferenced on all paths leading to the
check.
438 if (name == NULL || k == NULL || k->private_key == false)
439 {
440 sec->Error = SEC_ERROR_BAD_PARAMETER;
441 return false;
442 }
2023-05-01 06:18:39 +02:00
Ilya Shipitsin
db7d6c83d5
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343537 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null
but it has already been dereferenced on all paths leading to the
check.
664 if (name == NULL)
665 {
666 sec->Error = SEC_ERROR_BAD_PARAMETER;
667 return false;
668 }
2023-05-01 06:09:38 +02:00
Ilya Shipitsin
a89adaebc3
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343536 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null, but
it has already been dereferenced on all paths leading to the check.
1339 if (name == NULL || data == NULL || size == 0)
1340 {
1341 sec->Error = SEC_ERROR_BAD_PARAMETER;
1342 return false;
1343 }
2023-05-01 06:07:19 +02:00
Ilya Shipitsin
c46871688b
src/Cedar/Server.c: fix race condition
...
=================================================================
==1505093==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000366b88 at pc 0x7f72afadc34a bp 0x7f72990fa390 sp 0x7f72990fa388
READ of size 4 at 0x607000366b88 thread T22
#0 0x7f72afadc349 in GetCaps /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1861
#1 0x7f72afadc382 in GetCapsInt /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1802
#2 0x7f72afaf72a5 in GetServerCapsInt /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1098
#3 0x7f72afaf7318 in GetServerCapsBool /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1104
#4 0x7f72afaf771e in SiWriteHubCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:4887
#5 0x7f72afaf771e in SiWriteHubCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:4824
#6 0x7f72afaf7c0b in SiWriteHubs /home/ilia/SoftEtherVPN/src/Cedar/Server.c:5548
#7 0x7f72afaf7c0b in SiWriteHubs /home/ilia/SoftEtherVPN/src/Cedar/Server.c:5515
#8 0x7f72afaf81d6 in SiWriteConfigurationToCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:3166
#9 0x7f72afaf86bc in SiWriteConfigurationFile /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6593
#10 0x7f72afaf86bc in SiWriteConfigurationFile /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6569
#11 0x7f72afaf8914 in SiSaverThread /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6561
#12 0x7f72afaf8914 in SiSaverThread /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6547
#13 0x7f72af6e0cfa in ThreadPoolProc /home/ilia/SoftEtherVPN/src/Mayaqua/Kernel.c:872
#14 0x7f72af6e0cfa in ThreadPoolProc /home/ilia/SoftEtherVPN/src/Mayaqua/Kernel.c:827
#15 0x7f72af76eeb4 in UnixDefaultThreadProc /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:1604
#16 0x7f72af4ffc56 in start_thread (/lib64/libc.so.6+0x8cc56) (BuildId: 6107835fa7d4725691b2b7f6aaee7abe09f493b2)
#17 0x7f72af585a6f in __clone3 (/lib64/libc.so.6+0x112a6f) (BuildId: 6107835fa7d4725691b2b7f6aaee7abe09f493b2)
0x607000366b88 is located 24 bytes inside of 72-byte region [0x607000366b70,0x607000366bb8)
freed by thread T0 here:
#0 0x7f72afed7fc8 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xd7fc8) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
#1 0x7f72af76ed6f in UnixMemoryFree /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:2072
previously allocated by thread T22 here:
#0 0x7f72afed92ff in malloc (/lib64/libasan.so.8+0xd92ff) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
#1 0x7f72af76f35d in UnixMemoryAlloc /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:2053
Thread T22 created by T0 here:
#0 0x7f72afe48966 in pthread_create (/lib64/libasan.so.8+0x48966) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
#1 0x7f72af76f713 in UnixInitThread /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:1683
SUMMARY: AddressSanitizer: heap-use-after-free /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1861 in GetCaps
Shadow bytes around the buggy address:
0x607000366900: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 00
0x607000366980: 00 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
0x607000366a00: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
0x607000366a80: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
0x607000366b00: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fd fd
=>0x607000366b80: fd[fd]fd fd fd fd fd fa fa fa fa fa fd fd fd fd
0x607000366c00: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
0x607000366c80: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
0x607000366d00: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x607000366d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x607000366e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
2023-05-01 05:53:36 +02:00
Ilya Shipitsin
46e73e944f
src/Mayaqua/Unix.c: fix guarding
...
SoftEtherVPN/src/Mayaqua/Unix.c:51:25: warning: missing
terminating ' character
51 | #include <sys/statvfs.h>'
2023-04-29 22:31:55 +02:00
Ilya Shipitsin
8fc27da780
Merge pull request #1829 from chipitsine/master
...
src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
2023-04-22 08:26:47 +02:00
Ilya Shipitsin
df6df007a3
src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
...
TALOS-2023-1741
CVE-2023-23581
SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service
vulnerability
A denial of service vulnerability exists in the vpnserver
EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and
5.02. A specially-crafted network packet can lead to denial of service.
2023-04-21 22:38:22 +02:00
Ilya Shipitsin
d2e673a47d
src/Cedar/Proto_OpenVPN.c: fix denial of service found by Cisco Talos
...
specially crafted network packet lead to buffer overrun and process
crash. working exploit was provided by Cisco Talos team.
An integer underflow vulnerability exists in the vpnserver
OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A
specially-crafted network packet can lead to denial of service. An
attacker can send a malicious packet to trigger this vulnerability.
The versions below were either tested or verified to be vulnerable by
Talos or confirmed to be vulnerable by the vendor.
SoftEther VPN 5.01.9674
SoftEther VPN 5.02
While 5.01.9674 is a development version, it is distributed at the time
of writing by Ubuntu and other Debian-based distributions.
2023-04-16 23:06:30 +02:00
Yihong Wu
df7ea3c54a
Mayaqua/Memory: Fix memory corruption in base64
2023-03-31 09:14:39 +00:00
dependabot[bot]
fb83ac08f2
Bump webpack in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [webpack](https://github.com/webpack/webpack ) from 5.75.0 to 5.76.0.
- [Release notes](https://github.com/webpack/webpack/releases )
- [Commits](https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 )
---
updated-dependencies:
- dependency-name: webpack
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-15 09:35:00 +00:00
Ilya Shipitsin
e6123d36a0
Merge pull request #1782 from metalefty/adjust-version-string
...
Cedar: Trim contiguous whitespaces in version string
2023-03-12 08:32:55 +01:00
dependabot[bot]
91053622ab
Bump minimist and mkdirp in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [minimist](https://github.com/minimistjs/minimist ) and [mkdirp](https://github.com/isaacs/node-mkdirp ). These dependencies needed to be updated together.
Updates `minimist` from 0.0.8 to 1.2.8
- [Release notes](https://github.com/minimistjs/minimist/releases )
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md )
- [Commits](https://github.com/minimistjs/minimist/compare/v0.0.8...v1.2.8 )
Updates `mkdirp` from 0.5.1 to 0.5.6
- [Release notes](https://github.com/isaacs/node-mkdirp/releases )
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md )
- [Commits](https://github.com/isaacs/node-mkdirp/compare/0.5.1...v0.5.6 )
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
- dependency-name: mkdirp
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-03 01:26:17 +00:00
Koichiro IWAO
1fe26ccb6c
Cedar: Trim contiguous whitespaces in version string
...
Before change, contiguous whitespaces appeared in version string.
This room is for beta string (such as Alpha, Beta) and beta number but
it looks a bit odd if the build is not alpha/beta/RC.
> Version 5.02 Build 5180 Alpha 3 (Japanese)
> Version 5.02 Build 5180 Beta 3 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
> Version 5.02 Build 5180 (Japanese)
> ^^^
Now version string looks neat like this:
> Version 5.02 Build 5180 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
2023-03-01 16:14:04 +09:00
Koichiro IWAO
bedf1cd7e9
Mayaqua/Unix: Make VM detection work on FreeBSD
...
This is just a cosmetic problem in the result of "Caps" command which
gets the list of server functions/capability. There's no behavioural
change in SoftEtherVPN whether running on VM so far.
2023-02-28 20:08:04 +09:00
Yihong Wu
cd2838795b
Radius: Make sure MS-CHAP response matches the original username
2023-02-27 08:37:23 +00:00
Yihong Wu
4ff9c6393a
Support all EAP methods for PPP sessions with RADIUS
2023-02-27 08:37:23 +00:00
Yihong Wu
e81ecbb0ec
Support EAP auth with RADIUS server for SEVPN
2023-02-24 13:05:34 +00:00
Yihong Wu
1741dfdccc
Cedar/Proto_PPP: Fix radius authentication
2023-02-23 13:03:10 +00:00
Yihong Wu
eea1de3d25
Mayaqua/Network: Fix empty packet being treated as error
2023-02-19 05:41:55 +00:00
Evengard
c67d9ee201
Fixing up coverity report flags from #1760 and #1761
2023-02-04 17:47:20 +03:00
Yihong Wu
025ebec4cc
Fix thread safety after #1751
2023-02-02 06:53:30 +00:00
Ilya Shipitsin
11828be9e6
Merge pull request #1751 from Evengard/eap-tls-fixups
...
TLS 1.3 for EAP-TLS, user search by certificate CN
2023-02-01 09:47:38 +06:00
Evengard
edcdc923ad
Reworked EAP-TLS 1.3 to account for RFC9190, implemented searching by certificate instead of certificate CN
2023-01-31 20:33:18 +03:00
Yihong Wu
6ce91e9c81
Cedar/IPC: Change IPv6 router lookup to non-blocking
...
Fix #1755
2023-01-31 05:20:40 +00:00
Yihong Wu
43aaca509d
Cedar/Proto_PPP: Fix memory leak
2023-01-30 20:24:45 +09:00
Yihong Wu
0cdf0eacbf
Cedar/IPC: Improve IPv6CP configuration
2023-01-28 09:05:28 +00:00
Kensei Sakai
54593e8cac
add requirements package on Debian/Ubuntu
...
On Ubuntu Server 22.04 LTS (and newer?), the ./configure command fails because the 'pkgconf' package is not installed by default. Suggest that the 'pkgconf' package be installed in this command line.
2023-01-26 01:35:37 +09:00
Evengard
26403c70e3
Reworking the EAP CN matching option from admin options to extended options
2023-01-24 12:18:20 +03:00
Evengard
0a60cdf141
Hiding the EAP-TLS match user by certificate behind an admin option, disabled by default
2023-01-24 11:48:49 +03:00
Evengard
149096e13c
* Implementing user search by certificate common name.
...
* Reworking EAP-TLS flow
* Implementing iterative TLS downgrade supporting PPPD TLS 1.3+Tickets, Windows TLS 1.3 w/o Tickets, VPN Client Pro TLS 1.2.
2023-01-23 23:57:19 +03:00
Ilya Shipitsin
c7766d072b
src/Mayaqua/Unix.c: improve memory allocation handling according to Coverity
...
1875 if (mutex == NULL)
1876 {
CID 367204 (#1 of 1): Resource leak (RESOURCE_LEAK)4. leaked_storage: Variable lock going out of scope leaks the storage it points to.
1877 return NULL;
1878 }
2023-01-15 13:30:37 +06:00
Ilya Shipitsin
6a5f4b0dfd
src/Cedar/Virtual.c: mute Coverity warning
...
4272 FreeBlock(block);
CID 375153 (#1 of 1): Uninitialized scalar variable (UNINIT)44. uninit_use: Using uninitialized value send_size.
4273 if (send_size == 0)
2023-01-14 21:38:28 +06:00
Yihong Wu
6e48227d93
Update CMakeLists.txt
2023-01-07 10:27:47 +09:00
Yihong Wu
1b79df7954
Mayaqua/CMakeLists: Fix win32 build without vcpkg
2023-01-06 22:32:28 +09:00
dependabot[bot]
2e8723b967
Bump json5, ts-loader, webpack and webpack-cli
...
Removes [json5](https://github.com/json5/json5 ). It's no longer used after updating ancestor dependencies [json5](https://github.com/json5/json5 ), [ts-loader](https://github.com/TypeStrong/ts-loader ), [webpack](https://github.com/webpack/webpack ) and [webpack-cli](https://github.com/webpack/webpack-cli ). These dependencies need to be updated together.
Removes `json5`
Updates `ts-loader` from 6.0.1 to 9.4.2
- [Release notes](https://github.com/TypeStrong/ts-loader/releases )
- [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md )
- [Commits](https://github.com/TypeStrong/ts-loader/compare/v6.0.1...v9.4.2 )
Updates `webpack` from 4.32.2 to 5.75.0
- [Release notes](https://github.com/webpack/webpack/releases )
- [Commits](https://github.com/webpack/webpack/compare/v4.32.2...v5.75.0 )
Updates `webpack-cli` from 3.3.12 to 5.0.1
- [Release notes](https://github.com/webpack/webpack-cli/releases )
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md )
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.12...webpack-cli@5.0.1 )
---
updated-dependencies:
- dependency-name: json5
dependency-type: indirect
- dependency-name: ts-loader
dependency-type: direct:development
- dependency-name: webpack
dependency-type: direct:development
- dependency-name: webpack-cli
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-01 08:28:23 +00:00
Ilya Shipitsin
86e44e8d7b
LibreSSL-3.7.0 compatibility
2022-12-25 11:35:29 +06:00
dependabot[bot]
99374ba446
Bump decode-uri-component in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component ) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases )
- [Commits](https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2 )
---
updated-dependencies:
- dependency-name: decode-uri-component
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-03 13:51:53 +00:00
Yihong Wu
d8e56f9dbc
Add build instruction for dynamic linking OpenSSL
...
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
2022-11-27 19:33:52 +09:00
Koichiro IWAO
e2ad7d5e8f
Fix wrong shortcut key assignment
...
Fixes #1702 .
2022-11-17 16:11:30 +09:00
Ilya Shipitsin
9eb9d57c27
Merge pull request #1700 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/kind-of-6.0.3
...
Bump kind-of from 6.0.2 to 6.0.3 in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 21:00:03 +05:00
Ilya Shipitsin
28ec0d54b8
Merge pull request #1697 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/yargs-parser-13.1.2
...
Bump yargs-parser from 11.1.1 to 13.1.2 in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 20:56:54 +05:00
dependabot[bot]
506677bf60
Bump kind-of in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [kind-of](https://github.com/jonschlinkert/kind-of ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/jonschlinkert/kind-of/releases )
- [Changelog](https://github.com/jonschlinkert/kind-of/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jonschlinkert/kind-of/compare/6.0.2...6.0.3 )
---
updated-dependencies:
- dependency-name: kind-of
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 15:42:01 +00:00
dependabot[bot]
6a1b55293c
Bump yargs-parser in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [yargs-parser](https://github.com/yargs/yargs-parser ) from 11.1.1 to 13.1.2.
- [Release notes](https://github.com/yargs/yargs-parser/releases )
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md )
- [Commits](https://github.com/yargs/yargs-parser/commits )
---
updated-dependencies:
- dependency-name: yargs-parser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 15:39:28 +00:00
Ilya Shipitsin
49c1a84752
Merge pull request #1699 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/serialize-javascript-and-terser-webpack-plugin-4.0.0
...
Bump serialize-javascript and terser-webpack-plugin in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 20:35:18 +05:00
Ilya Shipitsin
34a9a7bc46
Merge pull request #1698 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/set-value-and-union-value-2.0.1
...
Bump set-value and union-value in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 20:22:47 +05:00
dependabot[bot]
e7980ae9b1
Bump serialize-javascript and terser-webpack-plugin
...
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript ) and [terser-webpack-plugin](https://github.com/webpack-contrib/terser-webpack-plugin ). These dependencies needed to be updated together.
Updates `serialize-javascript` from 1.7.0 to 4.0.0
- [Release notes](https://github.com/yahoo/serialize-javascript/releases )
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v1.7.0...v4.0.0 )
Updates `terser-webpack-plugin` from 1.3.0 to 1.4.5
- [Release notes](https://github.com/webpack-contrib/terser-webpack-plugin/releases )
- [Changelog](https://github.com/webpack-contrib/terser-webpack-plugin/blob/v1.4.5/CHANGELOG.md )
- [Commits](https://github.com/webpack-contrib/terser-webpack-plugin/compare/v1.3.0...v1.4.5 )
---
updated-dependencies:
- dependency-name: serialize-javascript
dependency-type: indirect
- dependency-name: terser-webpack-plugin
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 14:44:52 +00:00
dependabot[bot]
9f53cf5bdb
Bump set-value and union-value in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [set-value](https://github.com/jonschlinkert/set-value ) and [union-value](https://github.com/jonschlinkert/union-value ). These dependencies needed to be updated together.
Updates `set-value` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/jonschlinkert/set-value/releases )
- [Commits](https://github.com/jonschlinkert/set-value/compare/2.0.0...2.0.1 )
Updates `union-value` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/jonschlinkert/union-value/releases )
- [Commits](https://github.com/jonschlinkert/union-value/compare/1.0.0...1.0.1 )
---
updated-dependencies:
- dependency-name: set-value
dependency-type: indirect
- dependency-name: union-value
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 14:43:12 +00:00
Ilya Shipitsin
c492276a94
Merge pull request #1695 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/glob-parent-and-watchpack-5.1.2
...
Bump glob-parent and watchpack in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 19:36:00 +05:00
Ilya Shipitsin
661e61538e
Merge pull request #1694 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/ansi-regex-3.0.1
...
Bump ansi-regex from 3.0.0 to 3.0.1 in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 19:34:56 +05:00
Ilya Shipitsin
b5a83cc208
Merge pull request #1691 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/loader-utils-1.4.2
...
Bump loader-utils from 1.2.3 to 1.4.2 in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 19:34:07 +05:00
dependabot[bot]
b6d2ec3b76
Bump glob-parent and watchpack in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [glob-parent](https://github.com/gulpjs/glob-parent ) and [watchpack](https://github.com/webpack/watchpack ). These dependencies needed to be updated together.
Updates `glob-parent` from 3.1.0 to 5.1.2
- [Release notes](https://github.com/gulpjs/glob-parent/releases )
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md )
- [Commits](https://github.com/gulpjs/glob-parent/compare/v3.1.0...v5.1.2 )
Updates `watchpack` from 1.6.0 to 1.7.5
- [Release notes](https://github.com/webpack/watchpack/releases )
- [Commits](https://github.com/webpack/watchpack/compare/v1.6.0...v1.7.5 )
---
updated-dependencies:
- dependency-name: glob-parent
dependency-type: indirect
- dependency-name: watchpack
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 09:32:44 +00:00
dependabot[bot]
4ebf713911
Bump ansi-regex in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [ansi-regex](https://github.com/chalk/ansi-regex ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases )
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v3.0.1 )
---
updated-dependencies:
- dependency-name: ansi-regex
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 09:31:04 +00:00
dependabot[bot]
b5727b3525
Bump loader-utils in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [loader-utils](https://github.com/webpack/loader-utils ) from 1.2.3 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases )
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md )
- [Commits](https://github.com/webpack/loader-utils/compare/v1.2.3...v1.4.2 )
---
updated-dependencies:
- dependency-name: loader-utils
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 09:14:27 +00:00
dependabot[bot]
372759d2ad
Bump minimatch in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [minimatch](https://github.com/isaacs/minimatch ) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases )
- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2 )
---
updated-dependencies:
- dependency-name: minimatch
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 09:14:23 +00:00
tickerguy
0643ae70f5
Update BridgeUnix.c
...
On FreeBSD the stock code will attempt to expand the interface MTU any time a packet is to be sent that exceeds the current MTU. This results in a down/up on the interface that is wildly disruptive to existing services on that adapter and, eventually, is likely to run into MTU limits and start logging failures, even with jumbo-frame capable adapters. Thus if compiling on a FreeBSD machine disable this capability. Tested against 12.3-STABLE and 13.1-STABLE on v4.38-9760 from the FreeBSD ports tree but likely applies here as well; see bug report https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267178
2022-10-19 12:39:32 -04:00
Yihong Wu
05fa675d5a
Exclude inactive routes in Windows routing management
2022-09-16 17:25:11 +09:00
Yihong Wu
dc5da0c6a9
Zero out protocol strings when reconnecting
2022-09-13 19:14:33 +09:00
Guest126
04569c81c7
fix typo
2022-08-03 23:30:05 +09:00
dependabot[bot]
fa99fde893
Bump terser in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [terser](https://github.com/terser/terser ) from 4.0.0 to 4.8.1.
- [Release notes](https://github.com/terser/terser/releases )
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/commits )
---
updated-dependencies:
- dependency-name: terser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-20 08:39:28 +00:00
Davide Beatrici
a14d812dcb
Merge PR #1610 : Proto_OpenVPN: Set max allowed ACKs to 8 for P_ACK_V1
2022-06-14 04:53:56 +02:00
Arne Schwabe
37aa1ba534
Proto_OpenVPN: Set max allowed ACKs to 8 for P_ACK_V1
...
OpenVPN always allowed 8 ACKs in P_ACK_V1 packets but only used
up to 4 in other control packets. Since Softether drops all packets with
more than 4 ACKs it also drops legimate P_ACK_V1.
See also this issue: https://github.com/schwabe/ics-openvpn/issues/1486
2022-06-14 00:06:02 +02:00
Yihong Wu
3ed7f7cbce
Adjust TCP MSS if UDP acceleration is enabled (even if inactive)
2022-06-13 22:15:44 +09:00
Yihong Wu
209f60f079
Merge pull request #1604 from domosekai/docs
2022-05-29 10:47:59 +09:00
Yihong Wu
333cbb3f29
Update Windows build instructions
...
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
2022-05-28 15:26:23 +09:00
Yihong Wu
e74d9dec25
Merge pull request #1593 from domosekai/cm
2022-05-26 12:54:09 +09:00
Yihong Wu
ad4ce138e9
Merge pull request #1594 from domosekai/tray
...
Show connection names in tray tips
2022-05-16 15:23:36 +09:00
Yihong Wu
27d7f4cfbe
Fix route tracking on x86 Windows
2022-05-15 19:42:57 +09:00
Yihong Wu
4a3b4589c6
Show connection names in icon tips
2022-05-15 15:22:46 +08:00
Yihong Wu
53d8b10de2
Remove CM timer event to fix taskbar behavior on Win 11
2022-05-14 14:05:31 +08:00
Yihong Wu
ca996ed89a
Merge pull request #1522 from domosekai/tls
...
Implement complete server certificate verification
2022-05-12 23:38:38 +08:00
Daehun Hyun
cb6d9531b5
Fixed an issue where routing was not added when receiving DHCP static routing options.
2022-05-10 17:35:01 +09:00
sfreet
5a0227ba1d
Allow packets if the both source and destination session users are the same, even in PrivacyFilter mode
2022-05-09 15:45:55 +09:00
Yihong Wu
ca226cdc9d
Add CMakeSettings.json to facilitate VS configuration
...
Update build instructions for Windows
2022-04-30 15:03:05 +08:00
Yihong Wu
c8dca265b4
Merge pull request #1576 from domosekai/ipv6
...
Fix IPv6 ND for Windows 11 PPP clients
2022-04-27 20:37:25 +08:00
Yihong Wu
b3afbe37e9
Load legacy provider under OpenSSL 3.0
2022-04-26 22:00:15 +08:00
updatede
b4bb90ec5b
Fix udp acceleration unusable on big endian system
...
On big endian system, while store 32 bits and 16bits number in memory of UINT64 variable "tmp", first 4 bytes of it always be zero makes "cookie" and "size" always be zero, lead to udpaccel unusable.
2022-04-25 18:16:50 +08:00
Yihong Wu
a742e2d193
Fix IPv6 ND for Windows 11 PPP clients
2022-04-08 00:37:38 +08:00
Yihong Wu
992a998a34
Add missing translation for protocol details
2022-04-01 22:18:54 +08:00
Yihong Wu
3c0e3fa49c
Merge pull request #1564 from domosekai/bulk
2022-03-21 10:13:56 +08:00
Yihong Wu
d86cf181bf
Fix UDP bulk v2 and protocol display
2022-03-20 16:48:15 +08:00
dependabot[bot]
e8b88fd225
Bump tar from 4.4.8 to 4.4.19 in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [tar](https://github.com/npm/node-tar ) from 4.4.8 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases )
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-tar/compare/v4.4.8...v4.4.19 )
---
updated-dependencies:
- dependency-name: tar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-19 19:17:31 +00:00
Davide Beatrici
9764485774
Merge PR #1551 : Bump ajv from 6.10.0 to 6.12.6
2022-03-19 20:16:53 +01:00
Daiyuu Nobori
32a970f976
Admin.c: Fix wrong endianness in InRpcNodeInfo() and OutRpcNodeInfo()
2022-02-22 19:38:34 +01:00
Daiyuu Nobori
56aedd6817
Memory: Add LittleEndian16(), LittleEndian32() and LittleEndian64()
2022-02-22 19:38:03 +01:00
dependabot[bot]
b603d2658a
Bump ajv from 6.10.0 to 6.12.6 in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [ajv](https://github.com/ajv-validator/ajv ) from 6.10.0 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases )
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.10.0...v6.12.6 )
---
updated-dependencies:
- dependency-name: ajv
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-12 02:08:14 +00:00
H William Welliver
fd92c754fc
Add missing headers required for solaris/illumos
2022-01-06 23:06:36 -05:00
Yihong Wu
0a4455ac40
Add more TLS negotiation info in logging and UI
2021-12-29 17:41:29 +08:00
Yihong Wu
f94ac6351e
Implement complete server certificate verification
2021-12-29 17:41:29 +08:00
weidi
09dd8a8b07
endif UNIX_LINUX before BSD
2021-12-26 16:13:53 +01:00
weidi
3c7d78a1bf
Merge branch 'SoftEtherVPN:master' into master
2021-12-26 11:51:55 +01:00
Yihong Wu
adbbe94675
Merge pull request #1528 from updatede/patch-1
...
Mayaqua/Network.h: Fix UDP acceleration under NAT-T connections
2021-12-26 12:32:48 +08:00
Yihong Wu
1c1560f6ca
Apply security level override in azure client mode
2021-12-26 12:12:00 +08:00
Yihong Wu
68dc4e23d8
Improve NAT-T hint string handling
2021-12-26 12:11:51 +08:00
Yihong Wu
f6edb5e165
Fix a typo that causes CascadeList to show blank hub name
2021-12-26 12:03:59 +08:00
Yihong Wu
a5565fce4b
Fix cascade links may start before configuration is loaded
2021-12-26 12:03:59 +08:00
Yihong Wu
d95d8ddefa
Fix account name in wrong case after editing
2021-12-26 12:03:59 +08:00
Johannes Weidacher
f1b464e84d
fix alpine compile issue.
2021-12-25 21:22:06 +01:00
Yihong Wu
51585e63e3
Fix server manager setting compatibility since build 9658
2021-12-25 13:25:34 +08:00
weidi
c72d4fddb8
Merge branch 'SoftEtherVPN:master' into master
2021-12-24 08:47:45 +01:00
Johannes Weidacher
fc15d1ebd5
fix alpine compile issue.
2021-12-23 21:06:19 +01:00
Johannes Weidacher
73ffa10f50
Fix build error on alpine
2021-12-23 20:59:48 +01:00
Yihong Wu
77ee848caa
Cedar/SM.c: Fix pointer usage before initialization
2021-12-23 17:23:15 +08:00
updatede
0b74a8e4ce
Update Network.h
...
Missing argument check lead to wrong value of IsIPv6 of struct UDP_ACCEL in NewUdpAccel(), eventually lead to UdpAccelInitClient() fail.
2021-12-22 13:19:50 +08:00
Yihong Wu
fc94843579
Fix the creation of a zero IPv6 address
...
Fix #1517
2021-12-12 20:05:36 +08:00
Yihong Wu
b91d9af5e3
Mayaqua/DNS: Fix memory safety in DNS operation threads
...
Fix #1329
2021-12-12 20:05:36 +08:00
Yihong Wu
2a40d21ef9
Merge pull request #1512 from domosekai/he
...
Perform TCP connection via IPv6 and IPv4 in parallel threads
2021-12-11 17:20:12 +08:00
Yihong Wu
02ee7b45d7
Save the correct server IP for route management
2021-12-10 16:53:28 +08:00
Yihong Wu
384ab07996
Perform TCP connection attempts via IPv6 and IPv4 in parallel
2021-12-10 16:18:45 +08:00
Yihong Wu
e6bf956806
Return and cache all addresses from DNS resolver
2021-12-10 16:18:45 +08:00
Yihong Wu
528f313dbe
Merge pull request #1511 from domosekai/ipstr
...
Fix IPv6 address display in session info dialog
2021-12-09 12:55:10 +08:00
Yihong Wu
b4aad09f21
Restore R-UDP listener when ListenIP is ::
2021-12-07 21:55:41 +08:00
Yihong Wu
14f5854ecf
Fix IPv6 address display in session info dialog
2021-12-07 15:48:32 +08:00
Yihong Wu
b178f26e52
Reduce redundant loop
...
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
2021-12-04 16:16:22 +08:00
Yihong Wu
9692a8d961
Fix DNS resolution when no IPv6 address is configured
2021-12-03 14:18:43 +08:00
Yihong Wu
2d1c8765aa
Merge pull request #1433 from domosekai/chain
...
Support user-specified server trust chain
2021-11-25 17:15:53 +08:00
Yihong Wu
8392ccd1fa
Merge pull request #1391 from domosekai/master
2021-11-25 11:09:12 +08:00
Davide Beatrici
2955dc5580
Merge PR #1507 : Change default hub option to allow default router in IPv6 RA
2021-11-24 00:22:04 +01:00
Yihong Wu
e095283641
Change default hub option to allow default router in IPv6 RA
2021-11-23 23:54:42 +08:00
Yihong Wu
fb004345b4
Cedar/Proto_PPP: Fix IPC DHCP renewal
2021-11-23 19:48:46 +08:00
Ilya Shipitsin
4d594e00f8
add "data-ciphers" to generated OpenVPN configs
2021-10-02 15:00:20 +05:00
Yihong Wu
2990b5ae93
Fix memory overrun in policy copy
2021-09-30 19:36:36 +08:00
Yihong Wu
462ebfb960
Fix policy dialog
2021-09-30 16:59:22 +08:00
Yihong Wu
582a739179
Fix auto refreshing of client manager
2021-09-28 20:15:41 +08:00
Yihong Wu
3a2d588722
Merge pull request #1483 from domosekai/ecc
...
Support ECDSA certificates on server side and show parameters in dialog
2021-09-25 20:58:18 +08:00
Yihong Wu
9c2a573cf2
Display key algorithm and parameters in cert dialog
2021-09-24 17:12:51 +08:00
Tetsuo Sugiyama
c9508b7fb7
Password change from client increments config file revision
...
Fixed an issue where changing the password from the client did not increment the revision of the server config file and the changes were not saved
2021-09-21 18:28:17 +09:00
Yihong Wu
2853337b81
Allow ECDSA certificates on server side
2021-09-20 08:18:36 +00:00
Yihong Wu
03859eb515
Merge pull request #1443 from domosekai/win32
...
Add IPv6 route management for Windows client
2021-09-18 22:12:27 +08:00
Yihong Wu
82af38c482
Cedar/Protocol.c: Fix connection to server clusters
2021-09-18 08:06:10 +00:00
Ilya Shipitsin
fc9286b11b
enable Control-flow Enforcement Technology (CET) Shadow Stack mitigation
...
for Windows binaries
found by BinSkim
2021-08-27 12:43:42 +05:00
Ilya Shipitsin
5adeeb75ea
Enable Control flow guard and Qspectre protection for windows binaries
...
found by BinSkim
2021-08-26 23:09:13 +05:00
Steve Muskiewicz
472dde05de
apply permission fix suggested by @hornos (for #1457 )
2021-08-19 08:14:50 -04:00
Ilya Shipitsin
fbdd6f1f3c
Merge pull request #1453 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/path-parse-1.0.7
...
Merge PR #1453 : Bump path-parse from 1.0.6 to 1.0.7 in /src/bin/hamcore/wwwroot/admin/default
2021-08-16 11:32:13 +05:00
dependabot[bot]
2d00ab7dcc
Bump path-parse in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-11 02:56:38 +00:00
Davide Beatrici
7f8e527883
CMake: Fix BLAKE2 build failure with MSVC due to it not defining __SSE2__
2021-08-10 22:58:28 +02:00
Davide Beatrici
ffc095f95a
CMake: Add build time check for EVP_PKEY_get_raw_public_key() availability
...
We need the function since 9dbbfcd388
, but unfortunately it's not provided by LibreSSL.
By introducing a build time check we inform the user about the issue explicitly instead of just letting compilation fail.
2021-08-08 19:29:32 +02:00
Rosen Penev
ee3bf7f507
fix compilation without OpenSSL engines
...
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-08-07 20:05:04 -07:00
domosekai
9b3077d955
Store interface metric separately as it mau change
2021-08-02 16:18:37 +08:00
domosekai
dd9c3546f7
Prevent IPv6 leak if only IPv4 default route is added
2021-08-02 16:18:37 +08:00
domosekai
4ddf39e760
Remove obsolete Win32 functions
2021-08-02 16:18:37 +08:00
domosekai
ce0591d924
Add IPv6 route management for Windows client
2021-08-02 16:18:36 +08:00
Ilya Shipitcin
37b5644291
src/Cedar/SW.c: treat "0" build as legitimate
...
installers built for PR have "0" build. let us treat them as legitimate
2021-08-01 12:26:51 +05:00
domosekai
9182a9b4e9
Mayaqua/Network.c: Fix race condition in TUBE operation
2021-07-22 11:59:15 +00:00
domosekai
8b87c9d4ef
Cedar/Proto_PPP.c: Fix memory leak in EAP-MSCHAPv2
...
Fixes : #1420 (Implement EAP-MSCHAPv2)
2021-07-21 11:16:35 +00:00